Bug Fixes (3.2.1)

3.2.1

Version Case ID Internal ID Components Summary
3.2.1

42572

XE-11137

Dup UDR

 Duplicate UDR Lock Handling Can Fail And Block Workflow Start

Description

If you are using the option “Enable Separate Storage For Workflow” in the Duplicate UDR Profile, there are scenarios where a workflow becoming unreachable due to an EC crash that can cause that workflow to become blocked. The Duplicate UDR Detection Agent will fail to take the profile lock during startup and will abort the workflow immediately at startup. This problem will then persist until the platform is restarted.

Resolution

The handling of unreachable profile storages has been fixed so that the lock is released allowing the workflow to start.
3.2.1

XE-9431

Netty

 Vulnerability in Netty

Description

A vulnerability was detected in Netty.

Resolution

Netty has now been upgraded and the vulnerability removed.
3.2.1

XE-9431

Azure

 Vulnerability in Azure

Description

A vulnerability was detected in the Azure library.

Resolution

The Azure library has now been updated and the vulnerability removed.
3.2.1

XE-9431

Azure

 Vulnerability detected in Azure Identity

Description

A vulnerability was detected in the Azure Identity libraries used for Azure Profile authentication.

Resolution

Azure Identity has now been upgraded and the vulnerability removed.
3.2.1

XE-9431

GCP

 Vulnerability Detected in Netty and JSON Libraries used by Google Cloud Components

Description

CVEs detected in multiple Netty and JSON libraries used by Google Cloud components.

Resolution

The Netty and JSON libraries have now been upgraded and the vulnerability is mitigated.

3.2.0

Version Case ID Internal ID Components Summary
3.2.0

41457

XE-10270

Shared Table

 Not Possible to Add CSV DB in Shared Table

Description

When using the Shared Table profile, it is not possible to add a CSV Database profile, only PostreSQL.

Resolution

This problem has now been fixed and CSV can be selected in the Shared Table profile.
3.2.0

41559

XE-10315

Shared Table

 Missing Field in Shared Table

Description

The field for entering the SQL Query is missing in the Shared Table profile in Desktop Online.

Resolution

This problem has now been fixed and the SQL Query field is present.
3.2.0

41589

XE-10327

Aggregation

 Hashed Wheel Timer jar File Not Added in mzp

Description

Error when running aggregation in “memory only” storage with real-time workflows.

Resolution

This has been fixed by including the required Hashed Wheel Timer jar file.
3.2.0

XE-7093

OpenAPI Profile

 Open API Profile Becomes Invalid When Saved

Description

If the Open API profile has an invalid yaml file, it becomes invalid when saved because some inner schema name under Properties contain invalid characters.

Resolution

This problem has now been fixed by adding a validation step for inner schema name under Properties. The Validation dialog will be displayed to inform the user whenever invalid characters are detected.
3.2.0

XE-7657

Ultra

 bit_block Constructs Not Supported in Switch Statement Prefixs

Description

Ultra does not support declaring bit_blocks in the prefix of a switched_set.

Resolution

Ultra has been updated to support bit_blocks in the prefix of a switched_set. The fields inside the bit_block can be used as any other field in the prefix.
3.2.0

XE-7994

HTTP/2

 HTTP2 Client Requests Only Allow Single Value Parameters

Description

The HTTP2 RequestCycle UDR only allows single value parameters even though the OpenAPI 3.0 spec allows multi-value parameters.

Resolution

A new field named multiValuedParameters which is supports adding a map with a string and a list of strings has now been added to the HTTP2 Client RequestCycleUDR to support the addition of multi-value parameters. For backward compatibility and usage of the new field, see the user documentation of the HTTP2 Client RequestCycleUDR.
3.2.0

XE-9187

JMS

 Aria-Labelledby Missing in Some Fields for JMS Agents

Description

The JMS Request and Collector agents contain fields without the Aria-Labelledby tag. The tag is used for accessibility purposes to read out the field name or label.

Resolution

The Aria-Labbeledby tag has now been added for the fields previously missing it.
3.2.0

XE-9234

Ultra

 Poor User Experience When Adding Duplicate Key in UDR Default Value List

Description

The Ultra Format Converter does not inform the user when trying to add a duplicate key in the default value list of a UDR.

Resolution

This has been fixed by displaying a validation error pop-up with an appropriate message in case the user tries to add a duplicate key in the default value list of a UDR.
3.2.0

XE-9368

SAP RFC

 Deadlock in SAP JCO RFC Agent When Stopping the Workflow

Description

Deadlock occurs in the SAP JCO RFC agent when the user stops the workflow whenever the UDR queue is full of UDRs.

Resolution

Removed lengthy loop logic waiting for the UDR queue to become empty when the user stops the workflow. Removed lengthy loop logic waiting for the RFCExecutor Thread to complete when the user stops the workflow. Added a try-catch handler for InteruptedException to exit the RFCExecutor Thread when the user stops the workflow.
3.2.0

XE-9447

5G Profile

 5G Profile NRF Behaviour Inconsistent with 3GPP Documentation

Description

When using the 5G profile with http2 agents, there were some inconsistent behaviors relating to the heartbeat timer, custom specification, and response handling.

Resolution

We enhanced the 5G Profile and its response handling behavior when used with the http2 agents to be more in line with the details stated in the 3GPP documentation.
3.2.0

XE-9534

Data Hub

 Not Possible to Select Available Data Hub Profiles for Data Hub Task Workflow

Description

When configuring a Data Hub Task workflow in the Workflow Table, the default Data Hub profile configured in the agent is selected by default and when clicking Browse, no other Data Hub profiles available in the system are displayed making it impossible to select another profile.

Resolution

This problem has now been fixed, and all available Data Hub profiles are displayed and selectable in the Workflow Table.
3.2.0

XE-9827

Installation

 PostgreSQL Only Works with Default Port

Description

When using PostgreSQL as platform database and configuring another port than the default port, the platform will fail to start.

Resolution

This problem has now been fixed and you can select to use another port than default for PostgreSQL.
3.2.0

XE-9830

OpenAPI Profile

 Invalid Vaadin OpenAPI Profile Shows Valid Status

Description

When saving an invalid Vaadin OpenAPI profile it will be displayed as valid.

Resolution

This problem has now been fixed, and the correct status will be displayed when saving an OpenAPI profile.
3.2.0

XE-9836

SAP RFC

 JCO Agent Throws Unexpected Error at Trace Level 8

Description

When the SAP JCO Agent trace level is set to 8 or above, it will try to retrieve the session attributes to be output. This will cause a runtime exception if the session has not been initialized.

Resolution

A check to initialize a session if not already initialized has been added in the event the session attributes need to be read.
3.2.0

XE-9918

Apache Commons

 Vulnerabilith in Apache Commons

Description

The Apache Commons library contains a vulnerability (CVE-2023-34411).

Resolution

Apache Commons has been upgraded to a version where this vulnerability does not exist.
3.2.0

XE-9950

Core

 Synchronizing WorkflowServer State Causes Resource Starvation

Description

When restarting the platform during heavy execution, it is possible to end up in a scenario with several workflow server state threads spawning. This is not intended and may, in some cases, lead to resource starvation on the platform making the system unresponsive.

Resolution

The underlying issue has been fixed by introducing thread synchronization measures to critical parts of the workflow server startup code.
3.2.0

XE-10014

OpenAPI Profile

 OpenAPI Profile Does Not Work in HTTP2 Client

Description

The schema name's first character must be capitalized for the OpenAPI profile to work on the HTTP2 Client Agent.

Resolution

Using lowercase for the schema name's first character is now allowed.
3.2.0

XE-10078

Upgrade

 Vulnerability in DetermineDvType.java

Description

The DetermineDbType.java library contains a vulnerability.

Resolution

DetermineDbType.java has been upgraded to a version where this vulnerability does not exist.
3.2.0

XE-10085

helm

 Incorrect Values in OIDC Yaml

Description

The values in mz-oidc-secret.yaml are missing “ip”.

Resolution

This has now been fixed and the values in mz-oidc-secret.yaml are correct..
3.2.0

XE-10087

helm

 Ingress Missing from NGINX Yaml

Description

Ingress is missing in the nginx-service.yaml.

Resolution

This problem has now been fixed and ingress is now included in nginx-service.yaml.
3.2.0

XE-10114

Dynamic Workflow

 Unable to Add Workflow to Encrypted Template

Description

When trying to add a new dynamic workflow to an encrypted template, an error stating “Nested exception” appears.

Resolution

This has now been fixed and new workflows can be added to encrypted templates.
3.2.0

XE-10139

Couchbase

Netty

 Vulnerabilities in Couchbase

Description

A number of vulnerabilities have been found in the Couchbase version used.

Resolution

TCouchbase SDK has now been upgraded and these vulnerabilities removed.
3.2.0

XE-10142

Access Control

 3pp Apps Cannot be Provisioned

Description

When adding 3pp apps to the system, it is not possible to select the Provisioned checkboxes in Access Controller since they are read-only.

Resolution

This problem has now been fixed and 3pp apps can be provisioned as expected in Access Controller.
3.2.0

XE-10163

Amazon S3

 Amazon Profile Using IAM Role Unable to Access Bucket

Description

When using the Amazon profile with IAM Role Selection it is not possible to access the AWS Bucket.

Resolution

This problem has now been fixed and AWS Buckets can be accessed when using IAM Role Selection.
3.2.0

XE-10269

OpenAPI Profile

 Discriminator Keyword in Open API Schemas Not Supported

Description

Open API Schema objects using the discriminator keyword are not validated correctly during processing.

Resolution

Support for schemas containing the discriminator keyword has now been added.
3.2.0

XE-10303

Disk

FTP

SCP

SFTP

 Duplicate Filter Collection Strategy Stops Working After a While

Description

The list of registered files that are used to check for duplication never gets updated. As the number of files to be collected is greater than the file list size, the Duplicate Filter fails to detect the files that have been collected in the previous workflow runs.

Resolution

Whenever new files are collected, the list of registered files must be updated to the most recent set of files dynamically. Hence the Duplicate Filter will be able to work correctly even if the number of files to be collected is greater than the file list size.
3.2.0

XE-10311

OpenAPI Profile

 UDR Property Fields with AllOf Schema Has Incorrect Type

Description

UDRs with property fields containing the allOf schema will have their type shown as "any" in the UDR Assistant.

Resolution

The UDR generation has been fixed to link the correct type to the property fields.
3.2.0

XE-10432

OpenAPI Profile

 UDR ClassNotFoundException Thrown When Running Workflows with HTTP/2 Using OpenAPI Profile

Description

A ClassNotFoundException is seen in the EC log when an HTTP2 server/client workflow run with OpenAPI Profile contains schema type Array.

Resolution

A checking mechanism for any OpenAPI scheme type before trying to retrieve its runtime class has been added to avoid retrieving runtime class of schema type Array.
3.2.0

XE-10488

Spring

 Vulnerabilithy in Spring-Core

Description

The spring-core library contains a vulnerability (CVE-2023-20860).

Resolution

spring-core has been upgraded to a version where this vulnerability does not exist.
3.2.0

XE-10509

Aggregation

 Aggregation Session Inspector Does not Release Profile Lock

Description

If you exit an Explore Session with the ESC key in Aggregation Session Inspector, the profile lock is not released.

Resolution

A profile lock release procedure has now been added to solve this issue.

3.1.0

Version Case ID Internal ID Components Summary
3.1.0

XE-9640

System Export/Import

 Exception Thrown When Selected Config Has Circular Dependencies in Vaadin System Exporter

Description

In the System Exporter UI, select a config that has circular reference by another config, StackOverflowError exception was thrown.

Resolution

This issue is fixed. Circular dependencies can now selected.
3.1.0

XE-9491

ECDeployments

Prometheus

 Corrected Prometheus Metrics Example Configurations

Description

The example configurations documented related to Prometheus metrics did not produce a configuration that could be used to scale ECDs based on custom metrics.

Resolution

This has been corrected now.
3.1.0

XE-9279

OpenAPI Profile

 HTTP2 Server Agent Unable to Set UDRs with Read-Only Fields

Description

When UDRs are generated from the Open API schema specification file, certain UDR fields used in the response body are marked as read-only. In some cases, the HTTP2 Server agent needs to initialize and set those fields to generate a proper response.

Resolution

Added a checkbox in the Open API profile to allow users to have the option to ignore the read-only tag for the selected schema specification file.
3.1.0

XE-9279

Core

 Encoder Cannot Handle Large Amounts of Data

Description

When running really large UDR through a workflow, the Encoder may not have capacity enough and throw an error.

Resolution

The Encoder has now been redesigned to allow larger UDRs and the the problem with processing large amounts of data is fixed.
3.1.0

39256

XE-9193

Workflow Packages

 Running multiple versions of the same workflow can cause deadlocks

Description

If you have multiple versions of the same batch workflow from different workflow packages trying to run at the same time, it can lead to deadlocks causing none of the versions to be started.

Resolution

This has now been fixed so that those workflows will as expected run sequentially in random order.
3.1.0

XE-XE-8967

Salesforce

 Salesforce Agent Throws Errors in Older Configurations

Description

When trying to open the Salesforce agent in a workflow that was created in an earlier version, you get a Null Pointer Exception.

Resolution

This problem has now been fixed and workflows with Salesforce agents created in earlier versions can be opened without errors.
3.1.0

XE-8890

ECDeployment

Operator

 Custom Service Accounts Cause ECDs Fail to Start

Description

When creating an ECD after having made an installation with global.serviceAccountName set to a custom service account in the helm chart, the ECD will fail to start.

Resolution

This issue is fixed. An ECD can be created and started as expected when using custom service accounts.
3.1.0

XE-8867

ECDeployment

Operator

 EC Pod Not Updated When Service Account is Removed

Description

When removing a service account from the common ECD configuration, the value in the EC pod is not reset.

Resolution

This issue has now been fixed, and if a service account is removed, the EC pod is updated accordingly.
3.1.0

40160

XE-8495

Database Agents

 Upgrade Oracle Deprecated Methods

Description

The database forwarding agent was using two obsolete methods for Oracle's batch update functions. This causes performance issues when running toward Oracle 19c.

Resolution

The function calls have now been updated to no longer use deprecated implementations of the JDBC driver.
3.1.0

XE-8444

Web Desktop

 Unable to Terminate Sessions in Web UI After a Period of Inactivity

Description

When the Reauthenticate Users After Inactivity field in mzdesktop is set, sessions in Web UI are not terminated after a period of inactivity.

Resolution

Sessions are revoked after set period of time in the "Reauthenticate Users After Inactivity" field in access control.
3.1.0

XE-8211

5G Provile

 5G Profile and workflow instance table exported from MediationZone 8 not compatible with Usage Engine

Description

Profile and workflow exported from MediationZone 8 not compatible with Usage Engine. Some fields in 5G Profile and workflow instance table column gone missing when imported into Usage Engine.

Resolution

Some fields in 5G Profile and some fields in workflow instance table column exported from MediationZone 8 are given special handling when imported into Usage Engine.
3.1.0

XE-7880

Couchbase

 Description of the view.timeout Property in Couchbase Profile Needs Revision

Description

The view.timeout property in the Advanced tab of the Couchbase profile has a description that needs to be updated with the latest information about supporting N1QL queries.

Resolution

The description of the view.timeout property has been updated to indicate the support for N1QL queries.
3.1.0

33327

XE-6862

Core

 Added character limit check to workflow packages

Description

Sometimes workflow packages with long names would exceed the DB column limit of 64 characters for the workflow key. This would break the workflow handling.

Resolution

Validation has been added to the export of workflow packages to prevent this from happening. A (dynamic) limit has been added to the workflow package name. This limit is dynamic and not a “hard” limit because the key itself is comprised of other dynamic parts besides the wf package name, such as version, system name and instance ID.
3.1.0

XE-5162

System Export/Import

 Unable to Import the Statistics Cleaner Workflow Group

Description

The workflow group “SystemTask.Statistics_Cleaner_grp” is cannot be imported.

Resolution

The issue is resolved and the workflow group can now be imported.
3.1.0

35969

XE-5162

Desktop Framework

 Problematic Force Deletion of Configurations

Description

When trying to delete configurations that other configurations depend on, you get the option to force delete and just let the other configurations become invalid. This is broken and the delete operation always fails.

Resolution

It is now possible to force delete configurations.
3.1.0

40628

XE-9590

Google Cloud PubSub

 Google Library Crashing in Usage Engine Private Edition

Description

Google library are crashing due to incorrect configuration of OSGi file causing it to expose the google protobuf library.

Resolution

It is now configured correctly and working.
3.1.0

XE-8677

helm

 OIDC Helm Configuration Broken

Description

When setting the auth.oidc.ip.enabled parameter to true in the helm chart, the Platform pod fails to start and ends upp in CrashLoopBackOff status.

Resolution

This problem has now been fixed and the the Platform pod should start as expected when using the OIDC IP parameter.
3.1.0

XE-8550

ECDeployments

Workflow Packages

 Invalid References Generates Exception in Platform Log

Description

If a workflow package contains invalid references, you will get an exception in the platform log when creating an ECD for the package.

Resolution

This problem has now been fixed, and no errors will be displayed in the platform log if the workflow package contains invalid references.
3.1.0

XE-4297

MZOnline

Workflow Engine

 Encrypted Workflows Generate Errors in the Web Interface

Description

When clicking on encrypted workflows in the web interface, you will get an error message saying “Wrong Passphrase Entered”.

Resolution

This problem has now been fixed and encrypted workflows can be viewed as expected in the web interface.

3.0.4

Version Case ID Internal ID Components Summary
3.0.4

42446

XE-10892

SFTP

 Performance Drop for SFTP Collection

Description

When running the SFTP server with the default Maximum Asynchronous Requests from the SFTP collection agent, performance drops.

Resolution

It is now possible to configure Maximum Asynchronous Requests for SFT and SCP collection agents, which makes it possible to tune the workflow for maximum performance.
3.0.4

42618

XE-11105

Pico Management

 Write Permission Validation Fails in Web UI

Description

EC Groups can be created in the web interface even though write permission has not been granted to the user.

Resolution

Write permission validation has now been added for creating, editing and deleting EC Groups.
3.0.4

41826

XE-10514

Workflow Group

 Workflow Groups with Prerequisites not Working Correctly

Description

If a workflow group within another workflow group is configured with a prerequisite, it does not wait for the prerequisite workflow to finish.

Resolution

This problem has now been fixed.

3.0.3

Version Case ID Internal ID Components Summary
3.0.3

40887

XE-9828

SFTP

 Too Many Requests to SFTP Server Causes Workflow to Hang

Description

When collecting files with the SFTP collection agent, the workflow hangs if the client sends hundreds of requests which the server cannot handle.

Resolution

The 3pp used by the SFTP agents have been upgraded and the maximum number of requests to the server has been limited to 16.

3.0.2

Version Case ID Internal ID Components Summary
3.0.2

40789

XE-9842

Database Agents

 Database Agent Aborts with NPE

Description

A NullPointerException is thrown when attempting to assign a null value to a primitive type of integer when trying to store the value to database.

Resolution

This problem has now been fixed, and a NullPointerException will not be thrown when assigning null values.
3.0.2

40804

XE-9810

External References

 External Reference with Escape Characters Handled Incorrectly

Description

An external reference value with escape characters, such as a new line, was literally taken, i.e. converted to a string as is when using External Reference Database or Kubernetes.

Resolution

Now the value field can contain a multi lined value. If escape characters are added these will be handled correct.
3.0.2

40804

XE-9810

External References

 Limit on External Reference Values Too Small

Description

The current limit of 1000 characters for an External Reference value is not enough to store values like private key.

Resolution

The limit has now been increased to 4000 characters.
3.0.2

41026

XE-9861

Data Veracity

Upgrade

 Users without Data Veracity Licenses Receives Errors for Workflow Properties

Description

When a user that does not have a license for Data Veracity tries to open Workflow Properties, an error will be displayed.

Resolution

This issue has now bee fixed and users without Data Veracity licenses can open Workflow Properties.

3.0.1

Version Case ID Internal ID Components Summary
3.0.1

XE-8967

Salesforce

 Salesforce Agent Throws Errors in Older Configurations

Description

When trying to open the Salesforce agent in a workflow that was created in an earlier version, you get a Null Pointer Exception.

Resolution

This problem has now been fixed and workflows with Salesforce agents created in earlier versions of MediationZone can be opened without errors.
3.0.1

XE-9431

Core

 Deserialization of UDRs May Result in a ClassCastException

Description

When stored UDRs from earlier versions of MediationZone are deserialized, you may get a ClassCast Exception.

Resolution

This problem has now been fixed and deserialization should work as intended.

3.0.0

Version Case ID Internal ID Components Summary
3.0.0

XE-8530

Web Desktop

 Vulnerability in Apache Commons

Description

The Apache Commons library contains a vulnerability (CVE-2023-24998).

Resolution

Apache Commons has been upgraded to a non-vulnerable version.
3.0.0

XE-8396

Helm

Kubernetes

 Default JVM Args Too Limiting

Description

The current default JVM args for the Platform: - XX:MaxDirectMemorySize=4096m 3 - XX:MaxMetaspaceSize=256m 4 - Xms256m 5 - Xmx512m is limiting and should be updated.

Resolution

The default values have now been updated to: - XX:MaxDirectMemorySize=4096m - XX:MaxMetaspaceSize=256m - Xms256m - Xmx512m
3.0.0

39143

XE-8281

Aggregation

 Documentation for Aggregation Write Locks Misleading

Description

The documentation regarding write locks for Aggregation is misleading regarding possible number of simultaneous locks.

Resolution

The documentation has now been updated to say that only one lock can exist in all bullet points in the Aggregation profile configuration description.
3.0.0

XE-8181

Data Veracity

 Nullpointer Exception Introduced by a Previous Fix

Description

Due to a previous bug fix, an exception is caused due to accessing an uninitialized list.

Resolution

This problem has now be sovled and a check for an empty null value of the list has been added.
3.0.0

XE-8169

Operator

 Vulnerability Detected in goyaml

Description

A CVE regarding goyaml, CVE-2022-28948, was detected in the operator.

Resolution

goyaml has now been upgraded and this vulnerability removed.
3.0.0

XE-8118

Docker

Python

 Python Vulnerabilities in Docker Images

Description

Python vulnerabilities was detected in the Docker images.

Resolution

Python vulnerabilities was detected in the Docker images.
3.0.0

XE-8117

Docker

 OS Vulnerability in Docker Images

Description

A vulnerability was detected in the OS in the Docker images.

Resolution

This issue has now been fixed and the vulnerability removed.
3.0.0

XE-8077

SCIM

 SCIM Can Now Handle Default Group

Description

SCIM rest api does not handle Default Group. Incorrect information could be showed when get a user or group.

Resolution

Default group can now be added on POST, PUT, PATCH commands. Users and groups are always showing the correct information.
3.0.0

XE-8076

SCIM

 SCIM Fails when Parameter mz.security.user.restricted.login is Set

Description

SCIM rest api can not be used when parameter mz.security.user.restricted.login is set.

Resolution

SCIM can now be used with mz.security.user.restricted.login.
3.0.0

37567

XE-8011

PCC

 PCC Proxy Cannot Access PCC REST APIs Dynamically

Description

It is not possible to use the PCC Proxy to access PCC REST APIs via the platform without setting up NodePort services for the EC web server, since you have to explicitly point out the EC host in the mz.pcc.restful.host property.

Resolution

The PCC proxy now dynamically detects registered clients. As long as you have any running ECD with PCC enabled no explicit configuration is needed.
3.0.0

35090

XE-7962

OpenAPI Profile

 JsonEncodeUdr APL Function Does Not Retain Original Field Name

Description

When encoding UDRs with the JsonEncodeUdr APL function, the UDRs containing field names starting with numbers or symbols are modified to satisfy Java class naming rules.

Resolution

Fix the encoding function to retain the original field name.
3.0.0

35530

36058

XE-7932

EC Deployments

 ECDs with PackageImages Fail to Startup

Description

When having a package image defined for an ECD, the check for existing workflows is done before docker init, and since it is the docker init that does the import in the CI/CD pipeline, the workflows will not be present when the check is done and the ECD will never startup and return a 404 error.

Resolution

This problem has now been fixed, and ECDs with package images start up as expected.
3.0.0

XE-7923

Documentation

 Missing Documentation for System Tasks

Description

Documentation for many System Tasks is missing.

Resolution

The documentation has now been updated to describe System Tasks.
3.0.0

35504

XE-7790

Aggregation

 Cache Update by the System Fails Due to Version Change of Workflow Package

Description

When updating the cache, the system tries to update all the classes referred in the Workflow package import irrespective of whether the referred classes may or may not be present/used in the packages.

Resolution

Skip unused/unavailable classes and type info during cache update.
3.0.0

XE-7763

Netty

 Vulnerability in Netty

Description

A CVE regarding Netty, CVE-2022-41881, was detected.

Resolution

Netty has now been upgraded and this vulnerability is removed.
3.0.0

XE-7750

Web Services

 Vulnerability in Apache CXF

Description

Apache CXF contains vulnerabilities (CVE-2022-46364 and CVE-2022-46363).

Resolution

Apache CXF have been upgraded to a non-vulnerable version.
3.0.0

XE-7748

Operator

 Debian Version in Operator EOL

Description

The Debian version used by the operator has now reached end of support and needs to be upgraded.

Resolution

The Debian version has now been upgraded to Debian 11.
3.0.0

XE-7712

MZSH

 Incorrect Handling of Some MZSH Command Failures

Description

Some mzsh commands failures are not reported by the mzsh command line tool. Instead mzsh just silently fails, giving no feedback or error message.

Resolution

This problem has now been fixed and for any exceptions, an explicit message will be displayed.
3.0.0

34957

XE-7709

Data Veracity

 Data Veracity Masking Does Not Mask All Selected Fields

Description

When using Data Veracity Masking, UDR List type fields can be selected for masking but the values are not masked in view UDR.

Resolution

This problem has now been fixed, and the selected UDR List fields are now masked.
3.0.0

XE-7677

Apache

 Vulnerability in Commons-Net

Description

Commons-Net contain a vulnerability (CVE-2021-37533).

Resolution

Commons-net have been upgraded to a non-vulnerable version.
3.0.0

35051

35291

XE-7663

OpenAPI Profile

 OpenAPI Throws Error When Decoding Array Schema

Description

When using the Http agents with Open API Profile, the agent does not handle requests that contains array schema properly and throws null pointer exception.

Resolution

This issue has now been fixed and the agent can handle requests with array schemas. Array schemas will be added to the open api class but will be skipped during decoding.
3.0.0

XE-7658

HTTP/2

 Netty Version Upgraded

Description

A security vulnerability has been found in Netty versions 3.10.6.Final and 4.1.15.Final.

Resolution

Netty version is now upgraded to 4.1.73.Final to mitigate the reported vulnerability.
3.0.0

XE-7657

Ultra

 bit_block Constructs Not Supported in Switch Statement Prefix

Description

Ultra doesn't support declaring bit_blocks in the prefix of a switched_set.

Resolution

Ultra has been updated to support bit_blocks in the prefix of a switched_set. The fields inside the bit_block can be used as any other field in the prefix.
3.0.0

XE-7655

MZSH

 mzsh user Command Not Handling Input As Expected

Description

The "mzsh mzadmin/dr help user" command returns an output that does not corroborate with the information specified in the documentation. It describes that the "command" and "command options" are optional. Also, when running the command without any argument like "help", a long java.lang.IndexOutOfBoundsException error is displayed.

Resolution

The issue is fixed by specifying the format of the command to be used on the console. When entering the command without any arguments like help, an "Invalid command was entered" error is displayed along with information on how to use the command.
3.0.0

XE-7654

Avro

 Unable to Decode Boolean Data Type Avro

Description

Unable to decode Avro if boolean data types exist in the middle of field definition.

Resolution

Fixed the boolean decode with the correct offset reading.
3.0.0

XE-7653

Aggregation

 Validate Storage not Fixing Storage

Description

If session files are corrupted in file storage aggregation then validate storage should fix corrupted files. In some cases it does not work.

Resolution

Full (raw and decoded) file reading is implemented for validate storage to identify invalid sessions and remove it make the file valid.
3.0.0

XE-7651

LDAP

 Users Belonging to Multiple non-MZ Groups Failing Login to mzsh

Description

When LDAP is configured for an MZ instance, the mzsh command does not work for users belonging to multiple non-MZ groups.

Resolution

A filter has been added to check only for users from MZ groups.
3.0.0

XE-7646

Azure

 Vulnerability in Azure Libraries

Description

The Azure Libraries package contain a vulnerability (CVE-2022-31684).

Resolution

The Azure Libraries package have been upgraded to a non-vulnerable version.
3.0.0

XE-7639

Operator

 Upgrade of Golang in Operator

Description

The version of Golang used within the Operator is vulnerable to multiple CVEs.

Resolution

The Operator have been patched to use Golang 1.19.3.
3.0.0

XE-7624

PCC

 Redis Cannot be Used as Storage for PCC

Description

When using Usage Engine Private Edition 2.3, it is not possible to use Redis as storage for PCC as described.

Resolution

This problem has now been fixed and Redis can be used as storage for PCC.
3.0.0

XE-7623

Postgres

 Vulnerability in Postgres driver

Description

The Postgres driver contain a vulnerability (CVE-2022-41946).

Resolution

The Postgres driver has been upgraded to a non-vulnerable version.
3.0.0

34957

XE-7618

Documentation

 Unsupported Data Type for Data Veracity Only Mentioned in the Data Veracity Search Page

Description

We do not support List and Map types for Data Veracity filter, repair and data masking. The documentation only mentions this fact in the Data Veracity search page.

Resolution

The note for unsupported data types for Data Veracity has now been added into the other parts of the documentation for Data Veracity. Namely in the filter, repair and data masking pages.
3.0.0

XE-7614

Pico

 Increased Startup Times for Platform and ECDs

Description

The startup time for the Platform and ECDs have increased gradually between the last three releases.

Resolution

This problem has now been addressed and the startup time reduced considerably.
3.0.0

34944

35480

XE-7584

Aggreagation

 Aggregation Session Inspector Cannot Handle Separate Storage per Workflow

Description

If there is a issue when fetching information about which EC group has been used with an Aggregation profile, the Aggregation Inspector returns an error instead of displaying information about any aggregation profiles that can be procured. This was caused by incorrect checking of EC group names by the Aggregation Inspector.

Resolution

The Aggregation Inspector code has been fixed to perform a proper search for EC groups that an Aggregation profile uses.
3.0.0

XE-7561

Prometheus

 Vulnerability in JMX-exporter

Description

JMX-exporter contains vulnerabilities (CVE-2022-38752).

Resolution

JMX-exporter have been upgraded to a non-vulnerable version.
3.0.0

XE-7529

SFTP

 Sort Order Criteria not Always Applied to SFTP Collection Agent

Description

When using the SFTP Collection Agent, the configured Sort Order criteria is not applied to subfolders when the SFTP collection agent setting is as follow:Include Subfolder option under Source tab is selected andEnable Sort Order option under Sort Order tab is selected andthe specified Directory contains only 1 subfolder (the said subfolder)The SFTP collection workflow run is expected to abort when the said subfolder does not meet the Sort Order criteria but instead the workflow runs successfully without error.

Resolution

This is fixed so that Sort Order criteria is applied when there is only 1 subfolder within the specified Directory.
3.0.0

XE-7521

OSGI

 bndlib Version Getting Old

Description

Newer versions of bndlib has been released that we should upgrade to.

Resolution

bndlib has now been updated to 6.3.1.
3.0.0

34356

XE-7483

Data Veracity

 Unable to Specify Schema for Data Veracity Tables

Description

Postgres schema name may be something else other than username. When using Postgres DB with Data Veracity, it was not possible to edit table names in Data Veracity Profile to include schema name with a dot '.', e.g.: schemaName.dvTableName. Any dots in the specified table name simply gets replaced with underscores "_".

Resolution

This fix allows schema name to be specified for Data Veracity table names. Data Veracity interprets the portion of name before the 1st dot '.' as schema name.
3.0.0

XE-7480

SAP CC

 SAP CC Online agent timeout functionality working as expected now

Description

SAP CC Online agent ignored the timeout value.

Resolution

Revert the refactor implementation code, SAP CC Online agent timeout function is working as before.
3.0.0

34339

XE-7443

SFTP

 Extra Dot/Slash in SFTP Collection Error Message

Description

SFTP Collection agent displays an ugly path containing extra dot and slash in exception message.

Resolution

Before the program throws out an exception which displays an ugly path, it requires normalization to get rid of the unwanted dot and slash.
3.0.0

34339

XE-7442

SFTP

 Sorting Causes SFTP Collection to Crash

Description

Using relative paths on the Directory field in SFTP collection agent causes workflows to abort because the absolute path is constructed incorrectly.

Resolution

Avoid changing the the working directory as the program traverses into different folders and subfolders. Instead, construct the absolute path dynamically each time as it tries to find the list of files and folders available in the current folder.
3.0.0

34424

XE-7353

Aggregation

Couchbase

 Properties for Couchbase Incorrectly Displayed in Aggregation Agent for Batch Workflows

Description

Despite Couchbase storage not being supported by batch workflows, the Couchbase properties were still displayed when configuring the Aggregation profile.

Resolution

Couchbase properties will not be displayed during configuration unless it is a real-time workflow.
3.0.0

30923

XE-7347

Workflow Engine

 Failing to Stop Workflow May Cause the Workflow to Hang in Stopping State

Description

If a workflow stop fails, the workflow state may get into an unrecoverable state. It will then be Running and can not be stopped unless the Execution Context is restarted.

Resolution

A workflow stop command will now always attempt to stop the workflow, even if the stop signal has already been sent.
3.0.0

XE-7315

Web Desktop

 Vulnerability in WebSwing

Description

WebSwing contains vulnerabilities (CVE-2022-42920, CVE-2022-3171, CVE-2022-42003 and CVE-2022-42004).

Resolution

WebSwing have been upgraded to a non-vulnerable version.
3.0.0

XE-7228

Jackson

 Vulnerability in Jackson libraries

Description

The Jackson libraries contain vulnerabilities (CVE-2022-42003 and CVE-2022-42004).

Resolution

Jackson and Jackson-databind have been upgraded to a non-vulnerable version.
3.0.0

32605

XE-7109

Documentation

 Database Property Parameter Missing in Documentation

Description

The documentation for EC Properties was missing a database property, connectionpool.strict.pool.size.

Resolution

The missing parameter is now added to the Infozone under the section of EC properties.
3.0.0

XE-7100

Salesforece

 Vulnerability in CometD

Description

The CometD Library contain a vulnerability (CVE-2022-24721).

Resolution

The CometD library have been upgraded to a non-vulnerable version.
3.0.0

33129

XE-6961

EC Deployment

 Broken Error Handling for EC Deployment API

Description

Sometimes the ResponseBody of an kubernetes ApiException can be null, which results in a null pointer exception in the EC Deployment API.

Resolution

This problem has now been fixed and if the ResponseBody is null, an error message will be displayed.
3.0.0

XE-7783

SAP CC

 Wrong Password May Allow SAP CC Workflow to Start

Description

When user insert a wrong SAP CC login password, workflow can be start without abort, no authentication failed message at debug mode.

Resolution

When authentication failed it will immediately showing error and abort the workflow.
3.0.0

XE-2445

mzcli

 Variable Substitution not Working for mzcli

Description

The mzcli script is unable to substitute environment variables in a command.

Resolution

This issue has now been fixed and the environment variables are substituted successfully.